Indian crypto exchange WazirX experienced a significant security breach in one of its multisig wallets, leading to the loss of over $230 million in user funds. The breach has prompted widespread concern in the crypto community, especially with $100 million in shiba inu (SHIB) among the stolen assets.
Details of the Breach
The breach was confirmed by WazirX in a series of posts on X (formerly Twitter). “? Update: We’re aware that one of our multisig wallets has experienced a security breach. Our team is actively investigating the incident. To ensure the safety of your assets, INR and crypto withdrawals will be temporarily paused,” the exchange stated. Further updates revealed that two more smart contracts were exploited, and users were advised to revoke all approvals to safeguard their funds. The breach appears to involve one of WazirX’s Liminal multisig wallets.
Impact on Funds and Reserves
The stolen funds represent a substantial portion of WazirX’s total reserves. According to a June 2024 report, the exchange held $500 million in total assets, making the stolen $230 million account for over 45% of its reserves. The exchange’s live proof of reserve site was also down for maintenance following the incident, adding to user concerns about the security of their assets.
Breakdown of Stolen Assets
Early blockchain data from Lookonchain reveals that the stolen assets include over $100 million in shiba inu (SHIB) tokens, $52 million in ether (ETH), $11 million in Matic’s MATIC, and $6 million in pepe (PEPE). The exploiter is reportedly selling these stolen tokens on the onchain exchange Uniswap, exacerbating the situation.
Multisig Wallets: A Double-Edged Sword?
Multisig wallets, which require two or more private keys to authenticate and confirm transactions, are designed to enhance security. However, this breach highlights the vulnerabilities that can still exist, even with advanced security measures in place, and custodian like Liminal.
Official Statement from Liminal Custody
In response to the breach, Liminal Custody issued an official statement to clarify their position and involvement:
“Our preliminary investigations show that one of the self-custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised. We can confirm that Liminal’s platform is not breached and Liminal’s infrastructure, wallets, and assets continue to remain safe.
It is also pertinent to note that all WazirX wallets created on the Liminal platform continue to remain secure and protected. Meanwhile, all the malicious transactions to the attacker’s addresses have occurred from outside of the Liminal platform.
Adhering to our rigorous security protocols, the Liminal team is also readily assisting the WazirX team as they carry out their investigation.”
Community Reaction and Next Steps
The breach has led to widespread concern and speculation within the crypto community. Users and stakeholders are keenly awaiting further updates from WazirX as the investigation continues. The exchange’s immediate response, including pausing withdrawals and addressing the security breach, aims to mitigate further damage and restore user confidence.
WazirX has set up a secluded website for users to revoke all approvals to protect their funds. “Your funds are at risk until you revoke,” the exchange warned, emphasizing the urgency of the situation.
*This article has been updated at 15.49 UAE time, upon receiving the statement from Liminal
